Ron Gula

Web application auditing is really difficult if you don’t know about the presence of a website or specific application. You may not know about a web server. You may not know what applications run on that single web server. You may even have malicious websites installed on your network by malware or Trojans. Nessus is great for scanning and finding web servers, even on uncommon ports, but you need to scan often to get the most benefit. Fortunately, Tenable’s Passive Vulnerability Scanner (PVS) can discover new web servers and all of their active web sites in real-time and without any impact to your network. This blog discusses how the PVS can be used to audit networks to find all authorized and malicious websites in use.

One of the advantages of Tenable’s suite of Unified Security Monitoring products is that continuous vulnerability monitoring can be used to find reintroduced security issues. Vulnerabilities that were once mitigated but are now back again represent process and organizational issues that must be handled differently. Simply reporting the vulnerability again and waiting for it to be patched does not address the fundamental flaw in the process. This blog entry discusses how recurring vulnerabilities are detected, some of the reasons why they may be recurring and how you can track and report on them with Tenable’s SecurityCenter.

If you have a SQL server on your network, you know how important it is to monitor transactions to identify suspicious activity.The Passive Vulnerability Scanner (PVS) can sniff SQL traffic in real-time and then send SYSLOG data to the Log Correlation Engine (LCE) that looks like this:<36> Jun 21 08:34:05 pvs: 149.X.X.X:0|149.X.X.X:0|7019|Database command logging|version: 1.19 PVS has observed the following command from a database client to the database server (206.X.X.X): SELECT COUNT(CASE WHEN e.EmailType = ‘User’ OR t.ProcessType = ‘Borrowing’ THEN 1 ELSE null end) as Borrowing,|INFO

Tenable Network Security is proud to announce the release of version 3.2 of the Passive Vulnerability Scanner (PVS). This product is a network sniffer that scans for real-time vulnerability data and transmits it to Tenable’s Security Center management console along with real-time user and forensic activity transmitted to Tenable’s Log Correlation Engine (LCE). This blog entry describes many of the new features and enhancements in this release.